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(54) Network connection controlling method and system thereof 



(57) An authentication checking server (101) makes 
user authentication checking when an access is made 
to an individual in-house server (103). A resource man- 
aging server (102) receives a resource request corre- 
sponding to the resource of the individual server (103), 
calculates the access right to the corresponding re- 
source based on the resource request and the result of 
the authentication checking, and relays the calculated 



access right and the resource request to the individual 
server (103). Upon receipt of the access right and the 
resource request, the individual server transmits the re- 
source as a mobile code. A client machine receives and 
executes the mobile code, whereby an encryption ac- 
cess is made to the resource of the individual server in- 
cluded in an in-house network via the relay agent gen- 
erated within the client machine. 
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Description 

[0001] The present invention relaies to a firewall tech- 
nique for interconnecting the Internet and a LAN (Local 
Area Network), and (or securely protecting the resourc- 
es within the LAN while permitting accesses made trom 
the Internet to the LAN. 

[0002] Conventionally, a firewall was arranged with a 
packet filtering method or a filtering method as an appli- 
cation gateway. These methods are intended to deter- 
mine whether or not to permit an access from an outside 
to an inside tor each service 

[0003] With the firewall for protecting in-house re- 
sources from an illegal attack from outside when an in- 
house LAN is connected to the Internet, all accesses 
are prohibited by default, and only a particular individual 
access is permitted. 

[0004] Therefore, with the current filtering method, 
which respectively recognizes a service and a user as 
first and second standards, almost all network services 
become unavailable and even legal users cannot re- 
ceive useful Internet services. 

[0005] If network services are made available outside 
and inside a company depending on need in order to 
satisfy the recently diversified demands of in-house us- 
ers, data from many services are allowed to pass 
through the firewall. As a result, it becomes difficult to 
maintain security. 

[0006] Additionally, using a remote access method 
which is currently becoming popular, login to an in- 
house LAN machine is permitted after authentication 
checking is made. Accordingly, even a single attack can 
possibly cause serious damage. 

[0007] As described above, with the conventional 
methods, if the number of services which can externally 
use in-house resources increases, the possibility that 
the in-house resources, which must be protected, can 
be exposed to danger becomes great. 
[0008] This invention was developed in the above de- 
scribed background, and aims at significantly improving 
the degree of convenience of a firewall, and at securing 
a security level equivalent to that of a conventional tech- 
nique by changing a filtering method 
[0009] The present invention assumes a network con- 
nection controlling method for interconnecting an exter- 
nal network (a network outside a company) and a local 
area network (a network inside a company). 
[001 0] In an embodiment of the invention, authentica- 
tion checking is made for a user within an external net- 
work (a user of a client machine 301 ) when the user ac- 
cesses a local area network (an authentication checking 
server 101). 

[0011] Next, a resource request to access a resource 
within the local area network is received from the user 
based on the result of the authentication checking (a re- 
source managing server 102). 

[001 2] Then, an access right to the resource within the 
local area network, is calculated in terms of level or ex- 
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tent (categorised or graded) based on the resource re* 
quest and the result of the authentication checking (the 
resource managing server 102). 

[0013] As a result, an access to the resource is made 

5 based on the calculated access right (the resource man- 
aging server 102) (e.g. to a calculated level of access). 
[001 4] Here, the accessed resource is transmitted as 
a mobile code to the client machine operated by the us- 
er. The client machine access the data within the re- 

io source by receiving and executing the mobile code. 
[0015] In the above method, filtering is performed by 
recognizing a user and a service as first and second 
standards, so that it becomes possible to protect in- 
house resources from external attacks and to satisfy the 

is diversified demands of in-house users in accordance 
with the respective policies for respective users, that is, 
all company employees are permitted to make any ac- 
cesses by default, while external users are prohibited 
from making any accesses by default 

20 [0016] Additionally, a change is made from the con- 
ventional method for permitting login to a machine within 
an in-house network after authentication checking is 
made, to the method for externally transmitting only a 
requested in-house resource, thereby making the scale 

25 of damage which can possibly occur with a single attack 
less than that of a conventional technique. 
[0017] More specifically, the distinction between text 
information such as electronic mail received within a 
company, multimedia information, etc., and the applica- 

30 tion program data of a system under development, is 
not made, and they are defined to be in-house resourc- 
es. The applications inside and outside the company 
can be linked and operate together. 
[0018] As described above, in an embodiment of the 

3S invention, the degree of convenience of a firewall can 
be significantly improved by changing a filtering method, 
and moreover, the security mechanism is duplicated by 
checking user authentication and controlling each ac- 
cess to in-house resources, thereby ensuring the secu- 

40 rity level equivalent to that of a conventional technique. 
[0019] Reference is made, by way of example, to the 
accompanying drawings in which: 

Fig. 1 is a block diagram showing the configuration 
45 of a system according to a preferred embodiment 

of the present invention (No. 1 ); 
Fig. 2 is a block diagram showing the configuration 
of the system according to the preferred embodi- 
ment of the present invention (No. 2): 
50 Fig 3 is a schematic diagram explaining the oper- 
ations according to the preferred embodiment of the 
present invention (No. 1) ; 

Fig. 4 is a schematic diagram explaining the oper- 
ations according to the preferred embodiment of the 
55 present invention (No. 2); 

Fig. 5 is a schematic diagram explaining the oper- 
ations according to the preferred embodiment of the 
present invention (No. 3) ; 
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Fig. 6 is a schematic diagram explaining the oper- 
ations according to the prelerred embodiment ot the 
present invention (No. 4): 

Fig. 7 shows the sequence lor establishing a serv- 
ice between a client and a server. 
Fig. 8 shows the procedure sequence at an update 
(in the case where there is almost no time difference 
between when a resource is received and when a 
rewrite operation is performed): 
Fig. 9 shows the procedure sequence at an update 
(in the case where there is a time difference be- 
tween when a resource is received and when a re- 
write operation is performed): 
Fig. 10 exemplifies a client application program: 
Fig. 11 exemplifies a gate keeper program; and 
Fig. 12 exemplifies a resource manager program. 

[0020] Provided below is the explanation about the 
details ot the preferred embodiment according to the 
present invention. 

Characteristics of the Preferred Embodiment 
According to the Present lnvention> 

[0021] This preferred embodiment is characterized in 
that filtering is performed by respectively recognizing a 
user and a service as first and second standards, so that 
it becomes possible to protect in-house resources from 
external attacks, and also to satisfy the diversified de- 
mands ot in-house users in accordance with the respec- 
tive policies for respective users, that is/company em- 
ployees are permitted to make any accesses by default, 
while external users are prohibited from making any ac- 
cesses by default. 

[0022] Additionally, this preferred embodiment is 
characterized in that the scale of damage which can be 
possibly caused by a single attack can be made less 
than that of a conventional technique by changing the 
conventional method for permitting login to a machine 
included in an in-house network after authentication 
checking is made, to the method for transmitting only a 
requested in-house resource. 

[0023] More specifically, according to this preferred 
embodiment, the distinction between in-house resourc- 
es: for example, between text information such as elec- 
tronic mail received within a company multimedia infor- 
mation, etc., and the application program data of a sys- 
tem under development, is not made, and an application 
possessed inside the company is defined to be one of 
the in-house resources, whereby applications inside 
and outside the company can be linked and operate to- 
gether. 

[0024] As described above, according to this pre- 
ferred embodiment, the degree of convenience of a fire- 
wall can be significantly improved by changing a filtering 
method, and additionally, the security mechanism is du- 
plicated by checking user authentication and by control- 
ling each access to in-house resources, thereby ensur- 



ing the security level equivalent to that o1 a conventional 
technique. 

Configuration of the Preferred Embodiment According 
5 to the Present lnvention> 

[0025] Fig. 1 is a block diagram showing the configu- 
ration of the system according to the preferred embod- 
iment of the present invention. 

io [0026] An authentication checking server 101. which 
is arranged within an in-house network, comprises at 
least one service request port for receiving a plurality of 
types of service requests such as telnet, ftp, http, etc., 
and has a mechanism tor checking user authentication. 

75 This server 1 01 is connected to the internet via an ISP 
(Internet Service Provider) 10.4 included in an external 
network. 

[0027] A resource managing server 102, which is ar- 
ranged within the in-house network, has a capability for 

20 managing the resources within the in-house network, 
and has a mechanism for restricting an access right to 
each of the in-house resources depending on the. at- 
tribute or the degree of reliability ot a user. This server 
102 is connected to the authentication checking server 

25 101. 

[0028] Note that the resource managing server VI 02 
and the authentication checking-server 101 may be di- 
rectly connected as shown in Fig. 1 , or may be connect- 
ed via a packet filtering router 201 as shown in Fig. 2. 
30 [0029] An individual server 103, which is arranged 
within the in-house network, provides a variety of serv- 
ices such as telnet, ftp, http, etc. This server 103 may 
be the same server as the resource managing server 
102. 

35 

<Principle of the Operations According to the Preferred 
Embodiment of the Present lnvention> 

[0030] Provided next is the explanation about the prin- 
40 ciple of the operations of the configuration according to 
the above described preferred embodiment. 
[0031] A user ID and an authentication password are 
registered to the authentication checking server 101 be- 
forehand. 

45 [0032] If a user ID is not registered to the authentica- 
tion checking server 101, the corresponding user is rec- 
ognized to be an external user. 

[0033] A pass-phrase or an one-time password, etc., 
which are used by a public key encrypting system, can 

50 be adopted as the authentication password, while an 
electronic mail address is adopted as the user ID. 
[0034] A user who desires to access an in-house re- 
source makes a connection to the authentication check- 
ing server 101 , and transmits a service request, the user 

55 id, and the authentication password to the authentica- 
tion checking server 101. 

[0035] The authentication checking server 101 which 
has received the service request calculates the degree 
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of reliability ot Ihe user by making a matching between 
the received user ID and authentication password, and 
the registered user ID and authentication password 
[0036] The authentication checking server 101 then 
opens a port (socket) tor a client machine as the prep- 
aration lor accepting the resource' request. 
[0037] The client machine transmits the logical name 
ot a desired in-house resource to the port as a resource 
request. The resource specification is made with a URL 
(Uniformed or Universal Resource Locator). 
[0038] The authentication checking server 101 trans- 
mits to the resource managing server 102 the resource 
request transmitted from the client machine and the de- 
gree of reliability of the user, which is calculated before- 
hand. 

[0039] Upon receipt of the resource request and the 
degree of reliability of the user Irom the authentication 
checking server 1 01 , the resource managing server 1 02 
detects the individual server 103 which provides the 
specified in-house resource, according to the logical 
name of the in-house resource included in the resource 
request. Furthermore, the resource managing server 
102 determines an access right to the requested in- 
house resource according to the degree of reliability of 
the user, which is received from the authentication 
checking server 101, transmits the resource request 
and the access right to the individual server 103, and 
requests the program code (mobile code) which pro- 
vides the requested in-house resource. 
[0040] The individual server 103 which receives the 
resource request and the access right from the resource 
managing server 102, generates the mobile code, and 
embeds a requested resource, a program for accessing 
the resource. the individual settings such as the access 
right received from the resource managing server 102 : 
a client identification code, the expiry date of the pro- 
gram, etc. in the generated mobile code. Then, the in- 
dividual server 103 returns the mobile code to the re- 
source managing server 102. 

[0041] Upon receipt of the mobile code from the indi- 
vidual server 103, the resource managing server 102 
returns it to the authentication checking server 101 . 
[0042] Upon receipt of the mobile code from the re- 
source managing server 102 ; the authentication check- 
ing server 101 encrypts the mobile code by using the 
registered password (such as a public key, etc.) of the 
user who has issued the resource request, and returns 
the encrypted mobile code to the client machine which 
has issued the resource request. 

[0043] The client machine which has received the en- 
crypted mobile code extracts the secret key of the user 
by using the pass-phrase that the user has transmitted 
to the authentication checking server 1 01 at the time of 
the authentication checking., decrypts the encrypted mo- 
bile code with the secret key, and executes the program 
of the mobile code. Consequently, the in-house re- 
source requested by the user is reproduced on the client 
machine. 
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[0044] The in-house resource reproduced on the cli- 
ent machine rejects an access request which violates 
the access -right by referencing the access right and the 
client identification code, which are embedded in the re- 
£ source itself. 

<Specific Operations According to the Preferred 
Embodiment of the Present lnvention> 

w [0045] Sequentially provided below are the explana- 
tions about the specific operations according to the pre- 
ferred embodiment of the present invention, by referring 
to the schematic diagrams explaining the operations 
shown in Figs. 3 through 6, the sequences shown in 

i5 Figs. 7 through 9, and the program examples shown in 
Figs. 10 through 12. 

[0046] The explanations to be provided below as- 
sume that the authentication checking by the authenti- 
cation checking server 101 is made based on the public 
20 key encrypting system, a pass-phrase is used as the au- 
thentication password, and an electronic mail address 
is used as the user ID. 

[0047] The authentication checking server 101 has a 
pair of the electronic mail address and the public key of 

25 a user as user information. 

[0048] In the authentication checking server 101, a 
gate keeper 303, as shown in Fig. 3, which is a server 
program for making the authentication checking, leaves 
only the authentication checking port (socket) open. 

30 Whatever network service is used, the connection to this 
port is first made, and then the authentication checking 
is made. When the gate keeper 303 opens the above 
described port, for example, the program code shown 
in step 1 of Fig. 11 is executed. 

35 [0049] If a user requests a network service within an 
in-house network by executing a client application 302 
(Fig. 3) of a client machine 301 , an authentication check- 
ing request is first issued from the client machine 301 to 
the authentication checking server 101 (S1 of Fig. 7). In 

^o this case, the client application 302 executes, for exam- 
ple, the program codes shown in steps 1 and 2 of Fig. 
10. The authentication checking server 101 is specified 
in step 1, while the connection to the authentication 
checking port of the authentication checking server 101 

45 j s made in step 2. 

[0050] If the connection to the authentication check- 
ing server 101 is successfully made, the user inputs his 
or her user ID and authentication password by using the 
window displayed on the client machine 301. The user 

50 id is the electronic mail address of the user, while the 
authentication password is the pass-phrase used when 
the public and secret keys are generated. 
[0051] Upon receipt of the user ID and the authenti- 
cation password from the client machine 303, the gate 

55 keeper 303 included in the authentication checking 
server 1 01 decrypts the authentication password by us- 
ing the public key of the user, and determines whether 
or not the received user ID is registered to a user data- 
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base, which is not shown in Fig. 3 but is included in the 
authentication checking server TOi , and whether or not 
the received authentication password matches any au- 
thentication password stored in the user database, it the 
user ID is registered (S2 of Fig. 7). In this case, the gate 
keeper 303 executes, tor example, the program codes 
shown in steps 2 and 3 ot Fig. 11 . The process tor re- 
ceiving the user ID and the authentication password is 
performed in step 2. while the process for checking au- 
thentication is performed in step 3. 
[0052] Next, the gate keeper 303 calculates the de- 
gree of reliability of the user by referencing the above 
described user database with the result of the authenti- 
cation checking (S2 of Fig. 7). In this case, the gate 
keeper 303 executes, for example, the program code 
shown in step 4 of Fig. 11 . 

[0053] If the electronic mail address of the user, which 
is the user ID, is registered in the user database and if 
the authentication password is legal, a high degree of 
reliability is provided to the user so that he or she can 
use many services. 

[0054] If the user ID is not registered in the user da- 
tabase, this user is recognized to be an external user 
and a low degree of reliability is provided to the user. In 
this case, only services which do not require the authen- 
tication checking, such as the acceptance of electronic 
mail addressed to an in-house user, etc. are provided. 
[0055] If the authentication password is illegal al- 
though the user ID is registered to the user database, 
this access is determined to be an attack and is rejected. 
[0056] If the authentication checking is properly 
made, the gate keeper 303 secures the port (socket) for 
accepting the resource request issued from the user 
(permission/connection port), and activates a relay 
server for relaying resource associated information, 
which is communicated between the client machine 301 
and the resource managing server 102, in correspond- 
ence with the secured port. Then, the gate keeper 303 
notifies the client machine 301 of the above described 
permission/connection port (S3 of Fig. 7). In this case, 
the gate keeper 303 executes, tor example, the program 
codes shown in steps 5 through 8 of Fig. 11. In step 5 : 
it is determined whether or not the degree of reliability 
is higher than a threshold. In step 6, the number of the 
permission/connection port is dynamically secured. In 
step 7, the relay server using this port number is acti- 
vated. In step 8, the above described port number is no- 
tified to the client machine 301 if the relay server is suc- 
cessfully activated. 

[0057] When the permission/connection port is noti- 
fied from the authentication checking server 1 01 , the cli- 
ent application 302 executed by the client machine 301 
assembles the resource request in a predetermined da- 
ta format, extracts the secret key by receiving from the 
user the pass-phrase for extracting the secret key of the 
user, and encrypts the resource request with the secret 
key. Then, the client application 302 transmits the en- 
crypted resource request by using the notified port (S4 



S 

of Fig. 7). In this case, the client application 302 exe- 
cutes, for example, the code shown in step 3 of Fig. 10. 
[0058] The relay server, which is operated by the au- 
thentication checking server 101 , decrypts the resource 

5 request received from the client machine 301 with the 
public key corresponding to the user who has transmit- 
ted the request, embeds in the decrypted resource re- 
quest the degree ot reliability, which is calculated tor this 
user (S2 of Fig. 7), and transmits the resource request 

io to the resource managing server 102 (S5 of Fig. 7). 
[0059] The resource manager 304 (shown in Fig. 3), 
which is operated by the resource managing server 1 02, 
has the mechanism for providing an external user via 
an external network with the directory for searching for 

1$ the individual server 103 which provides the in-house 
resource corresponding to the logical name of an in- 
house resource, and for determining the access right 
from the client machine 301 to the in-house resource. 
[0060] More specifically the resource managing serv- 

20 er 102 parses the resource request, extracts the re- 
source name and the degree of reliability .of the user, 
and calculates the access right to the resource by using 
the extracted information, upon receipt of the resource 
request from the authentication checking server 101 (S6 

2& of Fig. 7). The access right includes, for example, the 
right to perform a read /write operation for an in-house 
user, the right to perform only a read operation for an 
external user, the right to prohibit an access to a confi- 
dential resource for an external user, etc. In this case, 

30 the resource manager 304 executes, for example, the 
program codes shown in steps 1 through 3 of Fig. 12. 
In step 1, the process for receiving a resource request 
is performed. In step 2, a data set "p", which includes 
the resource name and the degree of reliability of a user, 

35 is extracted by performing the process for parsing the 
received resource request. In step 3, the process for cal- 
culating the access right to the data set "p" is performed. 
[0061] Note that the determination of the access right 
may be made by the individual server 103. 

40 [0062] Next, the resource managing server 102 
searches for the individual server 103 which provides 
the network service corresponding to the parsed re- 
source request, transmits the parsed resource request 
and the access right to the searched individual server 

45 103, and requests the relay agent which is the above 
described mobile code for providing the requested in- 
house resource (S7 of Fig. 7). In this case, the resource 
manager 304 executes, for example, the program codes 
shown in steps 4 and 5 of Fig. 1 2. It is determined wheth- 

50 er or not a permissible access right can be obtained in 
step 4 : while the resource request, the access right, and 
the request of the relay agent are transmitted to the in- 
dividual server 103 in step 5. 

[0063] The individual server 103, which has received 
55 the resource request, the access right, and the request 
of the relay agent from the resource managing server 
102, generates the requested relay agent, and embeds 
in the generated relay agent the individual settings such 
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as the access right received from the resource manag- 
ing server the client identification code, the expiry date 
of the program, etc. (S6 of Fig. 7). This relay agent is 
written as a mobile code, for example, in JAVA provided 
by Sun Microsystems. The relay agent can freely move 
within in-house and external networks, and includes the 
contents of an in-house resource and the interlace 
(method) for accessing the contents. 
[0064] The individual server 103then returns the relay 
agent to the resource managing server 1 02 as shown in 
Fig. 4 (S9 of Fig. 7). 

[0065] Upon receipt of the relay agent the resource 
manager 304 operated by the resource managing serv- 
er 102 returns the relay agent to the authentication 
checking server 101 (S10 of Fig. 7). In this case, the 
resource manager 304 executes, for example, the pro- 
gram code shown in step 6 of Fig. 12. 
[0066] Upon receipt of the relay agent, as shown in 
Fig. 4, the above described relay server operated by the 
authentication checking server 101 encrypts the relay 
agent with the registered public key of the user who has 
transmitted the resource request (the key represented 
within the authentication checking server 101 of Fig. 4), 
and returns the encrypted relay agent to the client ma- 
chine 301 which has transmitted the resource request 
(S11 of Fig. 7). 

[0067] The client machine 301 which has received the 
encrypted relay agent extracts the secret key of the user 
with the pass-phrase that the user has transmitted to the 
authentication checking server 101 at the lime of the au- 
thentication checking, decrypts the encrypted relay 
agent 401 with the secret key (the key represented with- 
in the client machine 301 of Fig. 4), and executes the 
program of the relay agent (S12 of Fig. 7). In this case, 
the client application 302 run by the client machine 301 
executes, for example, the program codes shown in 
steps 4 through 6 of Fig. 10. In step 4, it is determined 
whether or not the relay agent 401 has been received. 
In step 5 : the relay agent 401 is decrypted. In step 6, 
the decrypted relay agent 401 is executed. 
[0068] Consequently, the in-house resource request- 
ed by the user is reproduced on the client machine 301 . 
The user can access the in-house resource reproduced 
on the client machine 301 within the client machine 301 
itself asynchronously to the individual server 103 includ- 
ed in the in-house network, as shown in Fig. 5 
[0069] The relay agent 401 executed by the client ma- 
chine 301 rejects an access request which violates the 
access right by referencing the access right and the cli- 
ent identification code, which are embedded in the agent 
401 itself. 

[0070] Provided next is the explanation about the 
case where a data rewrite request to an in-house re : 
source occurs within the client machine 301 , by referring 
to the schematic diagram explaining the operations 
shown in Fig. 6 and the sequences shown in Fig. 8 and 
9. Fig. 8 shows the sequence used when there is almost 
no time difference between when an in-house resource 
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is received by the client machine 301 and when a rewrite 
request is issued. Fig. 9 shows the sequence used when 
there is a time difference. The explanation will be pro- 
vided by referring to both of Figs. 6 and 9. 

5 [0071] When a rewrite request occurs within the client 
machine 301 (Si of Fig. S or 9). the relay agent 401 ex- 
ecuted by the client machine 301 checks the access 
right of the user who has issued the request according 
to the code included in the request (52 of Fig. 6 or 9). 

to [0072] If the access is permissible, the relay agent 
401 issues an authentication checking request tothe au- 
thentication checking server 101 (S3 of Fig. 8 or 9. This 
authentication checking request includes a user ID and 
an authentication password in a similar manner as in Si 

is of Fig. 7). 

[0073] Upon receipt of the user ID and the authenti- 
cation password from the client machine 301 , the gate 
keeper 303 included in the authentication checking 
server 101 checks an amount of time elapsed from the 
20 connection start of the corresponding the user (S4 of 
Fig. 8 or S4' of Fig. 9). 

[0074] If the amount of elapsed time is equal to or 
smaller than a predetermined amount, and if the permis- 
sion/connection port (refer to S3 of Fig. 7) for accepting 

2S the resource request from the user is still open, the gate 
keeper 303 notifies the client machine 301 of this per- 
mission/connection port (S5 of Fig. 8). 
[0075] If the amount of elapsed time is longer than a 
predetermined amount, and if the permission/connec- 

30 tion port lor accepting the resource request from the us- 
er is closed, the gate keeper 303 performs the authen- 
tication checking and the reliability degree calculation 
process in the similar manner as in S2 of Fig. 7 (S4' of 
Fig. 9), and notifies the client machine 301 of the result- 

3S antly secured permission/connection port (S5 of Fig. 9). 
[0076] When the permission/connection port is noti- 
fied from the authentication checking server 1 01 , the re- 
lay agent 401 executed by the client machine 301 as- 
sembles the rewrite request in a predetermined data for- 

^0 mat in a similar manner as in S4 of Fig. 7, extracts the 
secret key of the user with the pass-phrase that the user 
has transmitted to the authentication checking server 
101 at the time of the authentication checking, and en- 
crypts the rewrite request including a new content to be 

45 rewritten to an in-house resource by using the secret 
key. Next, the relay agent 401 transmits the encrypted 
rewrite request by using the notified port (S6 of Fig. 8 or 
9). 

[0077] The relay server executed by the authenlica- 
50 tion checking server 101 decrypts the encrypted rewrite 
request received from the client machine 301 with the 
public key corresponding to the user who has transmit- 
ted the request, embeds in the decrypted rewrite re- 
quest the degree of reliability, which was previously (in 
55 the case shown in Fig. 8) or is newly (in the case shown 
in Fig. 9) calculated, and transmits the rewrite request 
to the resource managing server 1 02 (S7 of Fig. 8 or 9). 
[0078] Upon receipt of the rewrite request from the au- 
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thenticalion checking server 1 01 . the resource manager 
304 operated by the resource managing server 102 
parses this request, extracts the resource name and the 
degree. of reliability of the user, and calculates the ac- 
cess right to the resource by using the extracted infor- 
mation in a similar manner as in S6 of Fig. 7 (SB of Fig 
8 or 9) 

[0079] The resource managing sever 102 searches 
for the individual server 103 which provides the network 
service corresponding to the parsed rewrite request, 
and transmits the parsed rewrite request and the access 
right to the searched individual server 103 (S9 of Fig. 6 
or 9). 

[0080] The individual server 103 which has received 
the rewrite request and the access right from the re- 
source managing server 1 02 rewrites the content includ- 
ed in the rewrite r equesl to the in-house resource based 
on the access right. 

[0081] When the rewrite operation is successfully pei- 
formed, the notification ol the success of the rewrite op- 
eration is returned from the individual server 103 to the 
client machine 301 . and the rewrite process is complet- 
ed (S10 of Fig. S or 9). 

[0082] The relay agent 401 executed by the client ma- 
chine 301 automatically terminates its process, if the 
amount of elapsed execution time exceeds the expiry 
date set within the relay agent 401 itself. 



Claims 

1. A network connection controlling method for inter- 
connecting an external network and a local area 
network, comprising the steps of: 

making authentication checking for a user with- 
in the external network when the user accesses 
the local area network; 

receiving a resource request to access a re- 
source within the local area network from the 
user based on a result of the authentication 
checking; 

calculating an access right to the resource with- 
in the local area network, which is requested by 
the resource request, based on the resource re- 
quest and the result of the authentication 
checking; and 

accessing the resource based on the calculat- 
ed access right. 

2. The method according to claim 1, further compris- 
ing the steps of: 

transmitting the accessed resource to a client 
device operated by the user as a mobile code 
including a program for accessing data includ- 
ed in the resource; and 

accessing the data included in the resource by 



receiving and executing the mobile code. 

3. The method according to claim 2, further compris- 
ing the steps of: ' - 

£ * 

embedding an access control code which is 
based on the result of the authentication check- 
ing in the access program included in the mo- 
bile code: and 

w controlling an access that the client device 

makes to the data included in the resource 
based on the access control code. 

4. The method according to claim 2 or 3, further corn- 
's prising the steps of: 

embedding an expiry dale control code in the 
mobile code: and 

controlling a time period during which the client 
20 • device can execute the mobile code based on 
the expiry date control code. 

5. The method according to claim 2, 3, or 4, further 
comprising the steps of: 

25 

including the mobile code as a relay agent 
which implements a communication between a 
resource reproduced on the client device when 
the mobile code is executed by the client de- 
30 vice, and a resource of a distribution source. 

which corresponds to the mobile code; and 
encrypting the communication between the re- 
sources. 

35 6. The method according to any preceding claim, fur- 
ther comprising the step of: 

communicating each of a plurality of types of 
resource requests based on a predetermined data 
format by using a single communications port. 

40 

7. The method according to any of claims 2 to 5, fur- 
ther comprising the step of: 

issuing a rewrite request to a resource of a 
distribution source by using a degree of reliability of 
45 the user, when the resource is updated by the client 
machine. 

8. A method for making an access from a client to a 
resource of an individual server, the client access- 

50 ing the resource by receiving from the server the 
resource to be accessed as an encrypted mobile 
code including data within the resource and a pro- 
gram for accessing the data, and by executing the 
received mobile code. 

55 

9. The method according to claim 8, comprising the 
steps of: 
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arranging an authenticating server between an 
external client and the individual server 
transmitting an ID and a password to the au- 
thenticating server: and 

leceiving a port number corresponding to the 
individual server if authentication is successful- 
ly made, and requesting the mobile code by us- 
ing the port number. 

10. A method for connecting a client and a server, com- 
prising the steps of: 

making authentication checking upon receipt of 
an authentication request from the client; 
calculating a degree of reliability of a user: 
opening a port corresponding to an individual 
server in response to a resouice request issued 
from the client; and 

notifying the client of the port number for trans- 
mitting a request to the individual server and 
then relaying a resource of the individual server 
as a mobile code composed of data included in 
the resource and a program for accessing the 
data. 

11. A method for connecting a client and an individual 
server, wherein: 

the individual server is managed by parsing a 
resource request upon receipt of the resource re- 
quest from the client, calculating an access right 
corresponding to the individual server, transmitting 
the request to the individual server when a permit- 
ted access right is obtained, and returning a re- 
quested resource as a mobile code composed of 
resource data and an access program to the client. 

12. A network connection controlling system for inter- 
connecting a client device within an external net- 
work and a resource providing server within a local 
area network, comprising: 

an authentication checking server device (101 ) 
for making authentication checking lor a user 
of the client device within the external network, 
when the user accesses the resource providing 
server device within the local area network: and 
a resource managing server device (102) for re- 
ceiving a resource request to access a re- 
source provided by said resource providing 
server device from the user based on a result 
of the authentication checking, for calculating 
an access right to the resource which is provid- 
ed by said resource providing server device 
and is requested by the resource request, 
based on the resource request and the result 
of the authentication checking, and for relaying 
the resource request and the access right to 
said resource providing server device. 



14 

13. A computer-readable storage medium storing a 
program which directs a computer to perform a net- 
work connection controlling process for intercon- 
necting an external network and a local area net- 

s work, the process comprising the steps of: 

making authentication checking for a user with- 
in the external network, when the user access- 
es the local area network: 
io receiving from the user a resource request to 

access a resource within the local area network 
based on a result of the authentication check- 
ing: 

calculating an access right to the resource with- 
75 in the local area network, which is requested by 

the resource request, based on the resource re- 
quest and the result of the authentication 
checking: and 

accessing the resource based on the calculat- 
ed ed access right. 

14. A method tor making an access from a client to a 
resource ol an individual server, the client access- 
ing the lesource by receiving from the individual 

25 server the resource to be accessed as an encrypted 

mobile code including data within the resource and 
a program for accessing the data, and by executing 
the received mobile code. 
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(54) Network connection controlling method and system thereof 



(57) An authentication checking server (101) makes 
user authentication checking when an access is made 
to an individual in-house server (103). A resource man- 
aging server (102) receives a resource request corre- 
sponding to the resource of the individual server (103) ; 
calculates the access right to the corresponding re- 
source based on the resource request and the result of 
the authentication checking, and relays the calculated 



access right and the resource request to the individual 
server (103). Upon receipt of the access right and the 
resource request, the individual server transmits the re- 
source as a mobile code. A client machine receives and 
executes the mobile code, whereby an encryption ac- 
cess is made to the resource of the individual server in- 
cluded in an in-house network via the relay agent gen- 
erated within the client machine. 
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